Date: Fri, 7 Apr 2006 15:10:44 -0400 From: Robert Huff <roberthuff@rcn.com> To: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org> Subject: Re: web server attack Message-ID: <17462.47412.848744.740663@jerusalem.litteratus.org> In-Reply-To: <44359D84.9020000@vonostingroup.com> References: <MIEPLLIBMLEEABPDBIEGAEECHEAA.fbsd_user@a1poweruser.com> <44358FC6.3050000@mac.com> <44359D84.9020000@vonostingroup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Frank Laszlo writes: > >> Does anyone know what this is and what I can do to stop it > >> besides adding the ip address to my firewall block rules? > > > > I suppose that someone is trying to exploit mod_proxy to connect to an > > SMTP server (that's the "CONNECT 4.79.181.15:25" part), or at least > > get HTTP replies back. > > Setup mod_security to block that type of request. Any chance you > can capture some packets and send a link? I'd like to take a look > at it. Running apache-2.2, I don't seem to have _security among the modules. Do I need to change my config (and rebuild), or does it perhaps go by another name in this version? Robert Huff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17462.47412.848744.740663>